The origins of SAP GRC software goes back decades, but adoption has been
slow. But with the rigor of modern compliance regimes like SOX, coupled with
the sheer volume and complexity of online transactions, there's been an
accelerating movement away from document-centric review processes to
automation. There are a variety of SAP process control and access control
solutions that can monitor transactions, alert on potential SOD conflicts,
and facilitate remediation.
Companies implementing GRC software stick segregation of duties in IT for
IT handles the Basis administration, which implements the security model They
understand security concepts like the principle of least privilege Often,
they're the only ones who can make heads or tails of the SAP GRC software
But in reality, sticking segregation of duties in IT is asking for trouble.
Why Keep... (more)
For many companies, user role management has changed from a routine SAP
administration task into an ongoing security struggle. As IT landscapes
become more complex and compliance requirements become more stringent,
administering, reviewing and remediating SAP security roles eats up greater
and greater amounts of time, energy and money.
Fortunately, this trajectory isn't inevitable or even necessary. SAP GRC
software allows admins to safely provision SAP security roles by automating
risk analysis, reporting and remediation. The problem is that although the
technology has kept up w... (more)